• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability

Lhaplus is prone to a buffer-overflow vulnerability in its LHA extended header handling routine.

A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition when Lhaplus reads the extended header in an LZH file.

This vulnerability reportedly affects version 1.52 (Japanese) of Lhaplus. Previous versions may also be vulnerable.